Short Name | DNS:OVERFLOW:OPT-DOS
Severity | Critical
Recommended | No
Recommended Action | Drop Packet
Category | DNS
Keywords | dns opt dos
Release Date | 2004/01/29
Update Number | 1213
Supported Platforms | di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
DNS: BIND OPT DoS
This protocol anomaly detects a suspiciously long OPT resource record. All versions of BIND up to version 8.3.3 are vulnerable to a denial-of-service attack. By requesting a subdomain that does not exist and attaching an OPT resource record that has a very large UDP payload size, an attacker can crash the server.
Extended Description
ISC BIND is vulnerable to a denial-of-service attack. When a DNS lookup is requested on a nonexistent subdomain of a valid domain and an OPT resource record with a large UDP payload is attached, the server may fail.
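The check described above can be sketched as a small DNS message parser that reads the UDP payload size advertised in each OPT record. This is an added example, not the signature's own logic: the 4096-byte threshold, the function names and the sample query are assumptions constructed for illustration.

```python
import struct

OPT_TYPE = 41        # EDNS0 OPT pseudo-RR type (RFC 6891)
MAX_PAYLOAD = 4096   # assumed alert threshold, not taken from the signature

def skip_name(msg, off):
    """Return the offset just past a domain name (labels or a pointer)."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        if length & 0xC0:
            raise ValueError("reserved label type")
        off += 1 + length

def opt_payload_sizes(msg):
    """Return the UDP payload size advertised by each OPT RR in a DNS message."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    sizes = []
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record")
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if off > len(msg):
            raise ValueError("truncated RDATA")
        if rtype == OPT_TYPE:
            sizes.append(rclass)       # in an OPT RR, CLASS carries the payload size
    return sizes

def is_anomalous(msg, limit=MAX_PAYLOAD):
    """True when any OPT RR advertises more than `limit` bytes."""
    return any(size > limit for size in opt_payload_sizes(msg))

def sample_query(payload_size):
    """Constructed sample: A query for nx.example.com plus one empty OPT RR."""
    qname = b"\x02nx\x07example\x03com\x00"
    return (struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1) + qname
            + struct.pack("!HH", 1, 1)
            + b"\x00" + struct.pack("!HHIH", OPT_TYPE, payload_size, 0, 0))
```

Malformed or truncated messages raise `ValueError`, which a sensor can count as a separate protocol anomaly.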
Affected Products
- Astaro security_linux 2.0.0 16
- Astaro security_linux 2.0.0 23
- Astaro security_linux 2.0.0 24
- Astaro security_linux 2.0.0 25
- Astaro security_linux 2.0.0 26
- Astaro security_linux 2.0.0 27
- Astaro security_linux 2.0.0 30
- Astaro security_linux 3.2.0 00
- Astaro security_linux 3.2.0 10
- Astaro security_linux 3.2.0 11
- Compaq tru64 4.0.0 f
- Compaq tru64 4.0.0 f PK6 (BL17)
- Compaq tru64 4.0.0 f PK7 (BL18)
- Compaq tru64 4.0.0 g
- Compaq tru64 4.0.0 g PK3 (BL17)
- Compaq tru64 5.0.0 a
- Compaq tru64 5.0.0 a PK3 (BL17)
- Compaq tru64 5.1.0
- Compaq tru64 5.1.0 a
- Compaq tru64 5.1.0 a PK1 (BL1)
- Compaq tru64 5.1.0 a PK2 (BL2)
- Compaq tru64 5.1.0 a PK3 (BL3)
- Compaq tru64 5.1.0 B
- Compaq tru64 5.1.0 b PK1 (BL1)
- Compaq tru64 5.1.0 PK3 (BL17)
- Compaq tru64 5.1.0 PK4 (BL18)
- Compaq tru64 5.1.0 PK5 (BL19)
- Freebsd freebsd 4.4.0
- Freebsd freebsd 4.5.0
- Freebsd freebsd 4.6.0
- Freebsd freebsd 4.7.0
- Hp hp-ux 10.10.0
- Hp hp-ux 10.20.0
- Hp hp-ux 10.24.0
- Hp hp-ux 11.0.0
- Hp hp-ux 11.0.0 4
- Hp hp-ux 11.11.0
- Hp hp-ux 11.22.0
- Isc bind 8.3.0 .0
- Isc bind 8.3.1
- Isc bind 8.3.2
- Isc bind 8.3.3
- Openbsd openbsd 3.0
- Openbsd openbsd 3.1
- Openbsd openbsd 3.2
- Sco open_server 5.0.5
- Sco open_server 5.0.6
- Sco open_server 5.0.7
- Sun cobalt_raq_xtr
- Sun solaris 9 Sparc